Explore

Reuters Reuters
US shortens cyber fix window to three days as AI threats rise

US shortens cyber fix window to three days as AI threats rise

By Raphael Satter WASHINGTON, June 10 (Reuters) - The U.S. cyber defense agency said on Wednesday that government officials now have three days to deal with the most serious categories of digital vulnerabilities in their networks, a compressed timeline that is due in part to hackers' use of
Rapid Read Rapid Read
CISA Issues Directive for Smarter Patching in Response to AI-Driven Cyber Threats

CISA Issues Directive for Smarter Patching in Response to AI-Driven Cyber Threats

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive 26-04, urging federal agencies to adopt a smarter approach to patching vulnerabilities. The directive emphasizes prioritizing patches based on risk rather than severity scores alone, acknowledging the limitations of traditional methods in an AI-driven environment. CISA's initiative is informed by over a decade of experience in federal vulnerability management and the growing impact of AI on cyber operations. The directive aims to help agencies focus on the most at-risk assets, as AI enables threat actors to exploit vulnerabilities more rapidly.
Rapid Read Rapid Read
CISA Rethinks Risk Prioritization for Federal and Private Sectors

CISA Rethinks Risk Prioritization for Federal and Private Sectors

The Cybersecurity and Infrastructure Security Agency (CISA) is revising its approach to prioritizing risks and vulnerabilities for federal agencies and private sector critical infrastructure. Acting Director Nick Andersen announced plans for a new binding operational directive aimed at improving vulnerability management by focusing on the risk associated with each vulnerability. The directive will encourage agencies to prioritize vulnerabilities based on factors such as internet exposure and automation potential. This shift is partly driven by the increasing threat of AI-enhanced cyber attacks. CISA's new strategy aims to provide more specific guidance to infrastructure owners on protecting critical assets.
Rapid Read Rapid Read
CISA Reevaluates Risk Prioritization for Federal and Private Sectors Amid AI Threats

CISA Reevaluates Risk Prioritization for Federal and Private Sectors Amid AI Threats

The Cybersecurity and Infrastructure Security Agency (CISA) is set to revise its approach to prioritizing risks and vulnerabilities for both federal agencies and private sector critical infrastructure. Acting Director Nick Andersen announced plans for a new binding operational directive aimed at improving vulnerability management by focusing on the risk associated with each vulnerability rather than a blanket approach to patching. This initiative is partly driven by the increasing threats posed by artificial intelligence, which have accelerated the timeline for weaponization and exploitation of vulnerabilities. The directive, which will be published soon, seeks to provide more specific guidance to infrastructure owners on protecting key assets. Andersen emphasized the need to prioritize certain systems over others, acknowledging that not all vulnerabilities are equally critical.
Rapid Read Rapid Read
CISA Orders Federal Agencies to Prioritize Vulnerability Patching with New Directive

CISA Orders Federal Agencies to Prioritize Vulnerability Patching with New Directive

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new directive requiring federal agencies to prioritize vulnerability patching based on four specific criteria. This initiative, part of a broader strategy to 'patch smarter, not harder,' emphasizes addressing vulnerabilities that affect publicly exposed assets, allow for automated exploitation, enable system control takeover, or are actively exploited in real-world scenarios. Acting Director Nick Andersen highlighted the directive's role in enhancing transparency and resource planning for effective vulnerability remediation. The directive, known as BOD 26-04, sets timelines for patching vulnerabilities, with the most critical requiring action within three days. This move is partly driven by the rapid pace at which artificial intelligence is accelerating vulnerability discovery and weaponization. While the directive is mandatory for federal agencies, CISA encourages the private sector to adopt similar practices.
Trendline Trendline
Anthropic Unveils Fable 5 and Mythos 5 AI Models with Enhanced Cybersecurity Features

Anthropic Unveils Fable 5 and Mythos 5 AI Models with Enhanced Cybersecurity Features

Anthropic Unveils Fable 5 and Mythos 5 AI Models with Enhanced Cybersecurity Features
Rapid Read Rapid Read
Senator Mark Warner Proposes Bill to Restore Federal Cybersecurity Funding for MS-ISAC

Senator Mark Warner Proposes Bill to Restore Federal Cybersecurity Funding for MS-ISAC

Senator Mark Warner of Virginia has introduced legislation aimed at restoring federal funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC). This center, part of the nonprofit Center for Internet Security, provides crucial cybersecurity resources and monitoring to approximately 19,000 state, local, territorial, and tribal organizations across the United States. Previously funded by the Department of Homeland Security (DHS), MS-ISAC's funding was excluded from the One Big Beautiful Bill Act signed into law last year by President Trump. The proposed legislation, known as the Guaranteeing Universal Access to Cybersecurity Act, seeks to allocate $50 million annually starting in fiscal year 2027 to support MS-ISAC. The bill emphasizes the importance of cybersecurity in protecting America's critical infrastructure from adversaries and criminals using advanced AI tools.
Rapid Read Rapid Read
Senator Mark Warner Proposes Bill to Restore Federal Funding for MS-ISAC

Senator Mark Warner Proposes Bill to Restore Federal Funding for MS-ISAC

Senator Mark Warner of Virginia has introduced new legislation aimed at restoring federal funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC). This center, part of the nonprofit Center for Internet Security, provides crucial cybersecurity resources and monitoring to approximately 19,000 state, local, territorial, and tribal organizations across the United States. Previously, funding for MS-ISAC was provided by the U.S. Department of Homeland Security (DHS), but it was excluded from the One Big Beautiful Bill Act signed into law last year by President Trump. Warner's proposed legislation, known as the Guaranteeing Universal Access to Cybersecurity Act, seeks to allocate $50 million annually starting in fiscal year 2027 to support MS-ISAC. The bill also mandates the Cybersecurity and Infrastructure Security Agency (CISA) to collaborate with the Center for Internet Security to offer free cybersecurity services and technical assistance to public-sector organizations.
Rapid Read Rapid Read
CISA Rethinks Risk Prioritization for Federal and Private Sectors Amid AI Threats

CISA Rethinks Risk Prioritization for Federal and Private Sectors Amid AI Threats

The Cybersecurity and Infrastructure Security Agency (CISA) is revising its approach to prioritizing risks and vulnerabilities for both federal agencies and privately-owned critical infrastructure. Acting Director Nick Andersen announced plans for a new binding operational directive aimed at improving vulnerability management. This directive will encourage a more nuanced focus on the risk associated with each vulnerability, rather than a blanket approach to patching. The initiative is partly driven by the increasing threat of artificial intelligence-enhanced cyber threats, which have accelerated the timeline for weaponization and exploitation. Andersen emphasized the need for a more detailed understanding of which assets are most critical and how to protect them effectively.
Rapid Read Rapid Read
CISA Orders US Federal Agencies to Fix VPN Bug Amid Ransomware Threat

CISA Orders US Federal Agencies to Fix VPN Bug Amid Ransomware Threat

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated that all civilian federal agencies address a critical vulnerability in their VPN systems by the end of the day on June 11, 2026. This directive comes in response to a ransomware group exploiting an unpatched flaw in security tools used across the federal government. The cybersecurity firm Check Point Software identified the bug, which affects several remote access tools, firewalls, and VPNs. The ransomware group, known as Qilin, has been actively exploiting this vulnerability since May 7, targeting numerous organizations globally. The urgency of the situation has prompted CISA to invoke its operational guidance memo, BOD 22-01, to ensure immediate action is taken to protect government networks from unauthorized access.
Rapid Read Rapid Read
CISA Reevaluates Risk Prioritization for Federal and Private Sectors

CISA Reevaluates Risk Prioritization for Federal and Private Sectors

The Cybersecurity and Infrastructure Security Agency (CISA) is rethinking its approach to prioritizing risks and vulnerabilities for both federal agencies and privately-owned critical infrastructure. Acting Director Nick Andersen announced plans for a new binding operational directive aimed at revising vulnerability management practices. The directive will focus on assessing the risk associated with each vulnerability, rather than applying patches indiscriminately. This approach is driven by the need to address artificial intelligence-enhanced threats and the dynamic nature of cyber threats. The directive is part of a broader effort to improve resilience and prioritize critical assets.
Rapid Read Rapid Read
CISA Orders Immediate Fix for VPN Bug Exploited by Ransomware Group Targeting Federal Agencies

CISA Orders Immediate Fix for VPN Bug Exploited by Ransomware Group Targeting Federal Agencies

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive to all U.S. civilian federal agencies to address a critical vulnerability in their VPN systems by June 11. This directive comes in response to active exploitation of the flaw by a ransomware group known as Qilin. The vulnerability affects several remote access tools, firewalls, and VPNs provided by Check Point Software, which are integral to protecting networks from unauthorized access. The exploitation began on May 7 and has intensified, targeting numerous organizations globally. CISA's directive, based on its operational guidance memo BOD 22-01, mandates immediate remediation to safeguard the federal government's enterprise network from potential breaches.